[Freeswitch-users] Hello hackers!

[curriegrad2004]

S/hackers/script kidiots/g

On Sunday, December 9, 2012, Cal Leeming [Simplicity Media Ltd] <
cal.leeming at simplicitymedialtd.co.uk> wrote:
> Sounds like I might have slightly misinterpreted your initial email and
jumped too fast to a conclusion, so my apologies for this!
> I agree that it's rare to have a discussion about such topics without
things getting hot, and hearing someone else's thoughts on the subject has
been quite interesting.
> Cal
>
> On Sun, Dec 9, 2012 at 6:49 AM, Brian Foster <bdfoster at endigotech.com>
wrote:
>
> I appreciate your comments and concerns, and I respect the fact that we
can talk about this stuff without things getting ugly. My comments are
below.
> -BDF
>
>
> On Sat, Dec 8, 2012 at 11:46 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leeming at simplicitymedialtd.co.uk> wrote:
>
> Thank you for the detailed response.
>
> On Sun, Dec 9, 2012 at 1:29 AM, Brian Foster <bdfoster at endigotech.com>
wrote:
>
> The 'bad apple' in which I was referring to was using the same IP as a
client of ours. He was trying to DOS the honeypot from an IP I posted on
the mailing list when doing some testing for someone. I have no idea if he
read the post on the mailing list or not. It's not really of my concern.
>
> You know what happens when someone attacks one of our clients?
> We track them down, introduce them to the CTO/CEO of the company they
attacked, and give them an opportunity to prove themselves. I have been
involved in this process on several occasions now where the outcome has
been extremely positive. I'm not saying this works all the time, but
sometimes people don't need punishment, they need guidance.
>
> This is not really a practice of ours because there are so many people
out there that contribute to the problem. It's too time consuming to
educate those people. I really wish I could do that, but it's just not
feasible. We do not actively pursue these abusive IP's nor do we DDOS them
or fight back in any other way other than fighting back some of the noise
through blocking those activities on machines we support.
>
>
> If you got on the wiki and searched for fail2ban, you would be setting up
your server to jail the same IP's we are under the same circumstances. The
only difference is we log who gets caught by fail2ban and distribute the
list internally.
>
> We do not release this information per company policy. We also do not
gather this information from other sources. We only use the information we
gather through the processes we put in to place.
> My comment on the 180K IP's was mostly sarcastic, however. It probably
wasn't appropriate and I do apologize for that.
> I'm not exactly up to date on the legalities of releasing that type of
information so we rather not release it. It's nothing against the
freeswitch community or the open source community. We just don't like
getting in trouble.
> If we did spend the resources into making sure everything was legal on
the information regarding the 180K IP's, we would certainly release these
free of charge. It's not something I would be interested in making money
from.
>
> The concept is no different to email blacklist databases (e.g. XBL), and
there would be no legalities stopping you from releasing this information
into the public domain - only internal red tape and policies. I can say
this with at least some authority on the subject (although I'm by no means
an expert).
>
> I'm open to this idea, but I would have to consult attorneys to do this.
We operate very cautiously as in we do not operate in grey areas. If this
is a potential grey area we will certainly take the extra precautions in
order to prevent legal issues.
> This isn't some big company that has endless amounts of resources. We're
a small business, just like those we support. We also have to consider how
this effects our clients as well, and we
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121209/d665a3cb/attachment.html